- It stands for "Zero-Knowledge Succinct Non-Interactive Argument of Knowledge".
- "Zero-knowledge" proofs allow one party to prove to another that a statement is true without revealing information beyond the statement's validity.
- "Succinct" means the proofs can be verified within a few milliseconds.
- Currently, the most efficient way to produce zero-knowledge proofs that are non-interactive & short enough to publish to a blockchain is to have an initial setup phase that generates a common reference string shared between the prover & verifier.
- This common reference string is called the public parameters of the system.

- zk-SNARKs work by first turning what you want to prove into an equivalent form about knowing a solution to some equations.
- Computation → Arithmetic Circuit → R1CS → QAP → zk-SNARK
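The first three stages of this pipeline, as an added example that is not from the original page: the statement "I know x such that x³ + x + 5 = 35" is flattened into one-multiplication gates and checked as an R1CS. The statement, the witness layout and the small field modulus `P` are assumptions chosen for illustration; the QAP and proof-generation stages are not shown.

```python
# Added example: Computation -> Arithmetic Circuit -> R1CS for x**3 + x + 5 == 35.
P = 2**31 - 1  # assumed small prime field; real systems use far larger fields

# Witness layout (assumed): [one, x, out, sym1, y, sym2]
# Arithmetic circuit, one multiplication per gate:
#   sym1 = x * x
#   y    = sym1 * x
#   sym2 = (y + x) * 1
#   out  = (sym2 + 5) * 1
# R1CS: for every gate i, <A[i], w> * <B[i], w> == <C[i], w> (mod P)
A = [[0, 1, 0, 0, 0, 0],
     [0, 0, 0, 1, 0, 0],
     [0, 1, 0, 0, 1, 0],
     [5, 0, 0, 0, 0, 1]]
B = [[0, 1, 0, 0, 0, 0],
     [0, 1, 0, 0, 0, 0],
     [1, 0, 0, 0, 0, 0],
     [1, 0, 0, 0, 0, 0]]
C = [[0, 0, 0, 1, 0, 0],
     [0, 0, 0, 0, 1, 0],
     [0, 0, 0, 0, 0, 1],
     [0, 0, 1, 0, 0, 0]]

def dot(row, w):
    """Inner product of one constraint row with the witness, reduced mod P."""
    return sum(r * v for r, v in zip(row, w)) % P

def make_witness(x):
    """Prover side: run the computation and record every intermediate wire."""
    sym1 = x * x % P
    y = sym1 * x % P
    sym2 = (y + x) % P
    out = (sym2 + 5) % P
    return [1, x % P, out, sym1, y, sym2]

def r1cs_satisfied(w):
    """True only if the witness satisfies every gate constraint."""
    return all(dot(a, w) * dot(b, w) % P == dot(c, w)
               for a, b, c in zip(A, B, C))

def proves_statement(w, public_out=35):
    """The constant wire must be 1, `out` must match the public value,
    and all gates must hold; the other wires stay private to the prover."""
    return w[0] == 1 and w[2] == public_out % P and r1cs_satisfied(w)
```

A witness built from x = 3 satisfies all four constraints, while a witness with any tampered wire, or one that is internally consistent but yields a different `out`, is rejected.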

- Zcash uses zk-SNARKs to prove the conditions for a transaction have been satisfied without revealing crucial information.
- Shielded transactions must satisfy some other conditions:
- Commitment = HASH(recipient address, amount, rho, r)
- Nullifier = HASH(spending key, rho)
- For each input note, a revealed commitment exists.
- Nullifiers & note commitments are computed correctly.
- It is infeasible for the nullifier of an output note to collide with the nullifier of any other note.
